Wireshark · Wireshark-users: Re: [Wireshark-users] Req: Information regarding wireshark file logging

[Douglas Ross <doug_ross_59@xxxxxxxxxxx>]

Hi,

 

Yes, of course - I did miss something!

And woke this morning with it in my head (it's now 0800 in Melbourne).

Apologies for my obtuse moment, and thanks for neat explanations.

 

As a matter of course I specified capture file location, and normally I used tethereal. Now that I'm back in the "frame" I've started using tshark.

 

Next time I'll "think before ink" :)

 

Cheers

Doug

---

From: Guy Harris <guy@xxxxxxxxxxxx>
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Sent: Tue, 1 June, 2010 6:17:06 AM
Subject: Re: [Wireshark-users] Req: Information regarding wireshark file logging


On May 31, 2010, at 6:54 AM, Douglas Ross wrote:

> I'd like to discuss a point about "temporary" files.
> 
> In my experience (Windows), ethereal/wireshark creates files in the location specified by the user (if not stdout).
> So they are "permanent".

As Jaap noted, the user doesn't have to specify a location - and, if they don't, it doesn't get written to the standard output.  (In fact, Ethereal/Wireshark never allowed the capture to be written to the standard output, and never will allow that; the capture has to exist in some form of storage as long as it's open.)

If the user doesn't specify a location, the packets are written to a file in a temporary file directory; if the user closes the capture, the file is removed.  It is a named file in the file system, so it's "permanent" in that sense, but it's removed when the capture is closed, so it's not "permanent" in that sense.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe